正在查找未签名且树外加载的内核模块?

正在查找未签名且树外加载的内核模块?

我刚刚尝试过

cat /proc/sys/kernel/tainted

命令,返回值为12289。

0     1           A module with a non-GPL license has been loaded, this
                  includes modules with no license.
                  Set by modutils >= 2.4.9 and module-init-tools
12    4096        An out-of-tree module has been loaded                           
13    8192        An unsigned module has been loaded in a kernel supporting
                  module signature

我的问题是:

  1. 这是正常的吗?

  2. 我如何才能找到哪些模块是未签名的,并找到它们的二进制文件以便用virustotal进行扫描?

  3. 什么是树外模块以及如何找到它们及其对应的二进制文件?

相关内容